The Voice of the DBA: Not having TDE in all editions is stupid

Dec 04, 2011

The whole point of encrypting data at rest is to protect the database if physical files or backups are lost. The Books Online (BOL) page for Transparent Data Encryption (TDE) notes that "..., in a scenario where the physical media (such as drives or backup tapes) are stolen, a malicious party can just restore or attach the database and browse the data. One solution is to encrypt the sensitive data in the database and protect the keys that are used to encrypt the data with a certificate. This prevents anyone without the keys from using the data..."

That's what TDE is designed for, but the machines that are most likely to be stolen, laptops that contain Express Edition instances, can't implement TDE. Why not? It's an "Enterprise only feature". Why? I assume this is a sales technique to force those companies required to implement data-at-rest protection to pay more for their instances, but in reality this results in less security for lots of SQL Server applications.

 

Read the rest of "Not having TDE in all editions is stupid" at SQLServerCentral.